The Administration released a White Paper on Friday that summarized its claimed legal basis for the bulk collection of telephony metadata, also known as the Associational Tracking Program under section 215 of the Patriot Act, codified as 50 U.S.C. section 1861. While we’ll certainly be saying more about this analysis in the future, the paper makes one central point clear:

There is no direct authorization for the Associational Tracking Program in Patriot Act section 215.

Current Federal Bureau of Investigation (FBI) Director Robert Mueller’s term is expiring (again), and the Senate Judiciary Committee will be holding a hearing to question the nominee to replace Mueller, James Comey.

As news websites around the globe are publishing story after story about dragnet surveillance, these news sites all have one thing in common: when you visit these websites, your personal information is broadcast to dozens of companies, many of which have the ability to track your surfing habits, and many of which are subject to government data requests.

How Does This Happen?

When you load a webpage in your browser, the page normally includes many elements that get loaded separately, like images, fonts, CSS files, and javascript files. These files can be, and often are, loaded from different domain names hosted by different companies. For example, if a website has a Facebook Like button on it, your browser loads javascript and images from Facebook's server to display that Like button, even if the website you're visiting has nothing to do with Facebook.

The Guardian and the Washington Post recently published slides that indicate that the US government’s National Security Agency (NSA) is engaged in mass surveillance of users around the world through a program called PRISM. The NSA is extracting audio, video, photographs, emails, documents, and connection logs from nine leading Internet companies: Microsoft, Yahoo, Google, Facebook, PalTalk, AOL, Skype, YouTube, and Apple. Furthermore, the US is reportedly sharing this data with the UK government.

Much of the U.S. media coverage of the NSA revelations has concentrated on its impact on the constitutional rights of U.S. Internet users. But what about the billions of Internet users around the world whose private information is stored in U.S. servers, or whose data travels across U.S. networks?